Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Pre Production System Accreditation
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 5 Sep 2007 14:42:48 -0400

On Wed, 05 Sep 2007 12:35:14 CDT, Dan Johnson said:

Instead of adding more to the long message that this has become... the axiom
provided is completely true.  As security professionals, we all need to
strive for the perfection of secure systems.

Erm. No.  We don't want a perfectly secure system.  We want an *appropriately*
secure system.  At some point, the costs of better security outweigh the benefits.

And the sysadmins actually realize it at a gut level, even if they can't spell
it out - that's why they tend to say "here comes the security geek with a bunch
of silly rules and dumb restrictions".  Because quite often, they *know* that
some of the requirements don't make much difference in *real* security.

Of course, deciding what a "sufficiently high" level of security should be
for a given system is a whole *different* can of worms.. ;)

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]